Abstract 

The Workflow Satisfiability Problem (WSP) asks whether there exists an assignment of authorized 
users to the steps in a workflow specification, subject to certain constraints on the assignment. The 
problem is NP-hard even when restricted to just not equals constraints. Since the number of steps $k$ 
is relatively small in practice, Wang and Li (2010) introduced a parametrisation of WSP by $k$. Wang 
and Li (2010) showed that, in general, the WSP is W[1]-hard, i.e., it is unlikely that there exists a 
fixed-parameter tractable (FPT) algorithm for solving the WSP. Crampton et al. (2013) and Cohen 
et al. (2014) designed FPT algorithms of running time $O^*(2^k)$ and $O^*(2^{k \log k})$ for the WSP with 
so-called regular and user-independent constraints, respectively. In this note, we show that there are 
no algorithms of running time $O^*(2^{ck})$ and $O^*(2^{ck \log k})$ for the two restrictions of WSP, respectively, 
with any $c < 1$, unless the Strong Exponential Time Hypothesis fails. 


1 Introduction 

The Workflow Satisfiability Problem (WSP) is a problem studied in the security research community, 
with important applications to information access control. In a WSP instance, one is given a set of k 
steps and a set of n users, and the goal is to find an assignment from the steps to the users, subject 
to some instance-specific constraints and authorization lists; see formal definition below. In practice, 
the number of steps tends to be much smaller than the number of users. Hence it is natural to study 
the problem from the perspective of parameterized complexity, taking k as a problem parameter. In 
general, the resulting parameterized problem is W[1]-hard [21], hence unlikely to be FPT, but for some 
natural types of constraints the problem has been shown to be FPT. In particular, Crampton et al. [10] 
gave an algorithm with a running time of $O^*(2^k)$ for so-called regular constraints, and Cohen et al. [5] 
gave an algorithm with a running time of $O^*(2^{k \log k})$¹ for user-independent constraints; see below. 
User-independent constraints in particular are common in the practice of access control. It was also shown 
that assuming the Exponential Time Hypothesis (ETH) [TB], these algorithms cannot be improved to 
running times of $O(2^{o(k)})$ or $O(2^{o(k \log k)})$, respectively [10116]. Still, because of the importance of the 
problem, the question of moderately improved running times, e.g., algorithms of running time $O(2^{ck})$, 
respectively $O(2^{ck \log k})$, for some $c < 1$, remained open and relevant. In this paper, we will show that 
no such algorithms are possible, unless the so-called Strong Exponential Time Hypothesis (SETH) [T5] 
fails - that is, up to lower-order terms, the algorithms cited above are time optimal. 

In the remainder of this section, we formally introduce the Workflow Satisfiability Problem (WSP) 
and some families of constraints of interest for the WSP. We briefly overview the WSP literature that 
considers the WSP as a parameterized problem, as suggested by Wang and Li [21], and state our main 
results. We prove the results in the next section. 

WSP. In the WSP, the aim is to assign authorized users to the steps in a workflow specification, subject 
to some constraints arising from business rules and practices. The Workflow Satisfiability Problem has 
applications in information access control (e.g. see EllSlls]), and it is extensively studied in the security 
research community (e.g. see [3i 0 na mi). In the WSP, we are given a set U of users, a set S of steps, 
a set $\mathcal{A} = \{A(s) : s \in S\}$ of authorization lists, where $A(s) \subseteq U$ denotes the set of users who are 
authorized to perform step $s$, and a set $C$ of constraints. In general, a constraint $c \in C$ can be described 
as a pair $c = (T, \Theta)$, where $T \subseteq S$ is the scope of the constraint and $\Theta$ is a set of functions from $T$ to $U$ 
which specifies those assignments of steps in $T$ to users in $U$ that satisfy the constraint (authorizations 
disregarded). Authorizations and constraints described in the WSP literature are relatively simple, so 
we may assume that all authorizations and constraints can be checked in polynomial time (in $n = |U|$, 
$k = |S|$ and $m = |C|$). Given a workflow $W = (S, U, \mathcal{A}, C)$, $W$ is satisfiable if there exists a function 
$\pi : S \to U$ called a plan such that 

• $\pi$ is authorized, i.e., for all $s \in S$, $\pi(s) \in A(s)$ (each step is allocated to an authorized user); 

• $\pi$ is eligible, i.e., for all $(T, \Theta) \in C$, $\pi|_T \in \Theta$ (every constraint is satisfied). 

¹ All logarithms in this paper are of base 2. 

Wang and Li [21] were the first to observe that the number $k$ of steps is often quite small and so 
can be considered as a parameter. As a result, the WSP can be studied as a parameterized problem. 
Wang and Li [21] proved that the WSP is fixed-parameter tractable (FPT) if it includes only some special 
types of practical constraints (authorizations can be arbitrary as in all other research on WSP mentioned 
below). This means that the WSP restricted to the types of constraints in [21] can be solved by an 
FPT algorithm, i.e., an algorithm of running time $O(f(k)(n + k + m)^{O(1)}) = O^*(f(k))$, where $f(k)$ is 
a computable function of $k$ only and $O^*$ hides polynomial factors. However, in general, the WSP is 
W[1]-hard [21], which means that it is highly unlikely that, in general, the WSP is FPT.² The paper of 
Wang and Li has triggered an extensive study of FPT algorithms for the WSP from both theoretical and 
algorithm engineering points of view. We will briefly overview the literature on the topic after introducing 
some important families of WSP constraints. In what follows, for a positive integer $p$, $[p]$ denotes 
the set $\{1, 2, \dots, p\}$. 


WSP Constraints. We now introduce three families of WSP constraints which consecutively extend 
each other. Let $T$ be a subset of $S$. A plan $\pi$ satisfies a steps-per-user counting constraint $(t_\ell, t_r, T)$ 
if a user performs either no steps in $T$ or between $t_\ell$ and $t_r$ steps. Steps-per-user counting constraints 
generalize the cardinality constraints which have been widely adopted by the WSP community 1212 nil 

HOI- 

For $T \subseteq S$ and $u \in U$ let $\pi : T \to u$ denote the plan that assigns every step of $T$ to $u$. A constraint 
$c = (L, \Theta)$ is regular if it satisfies the following condition: For any partition $L_1, \dots, L_p$ of $L$ such that 
for every $i \in [p]$ there exists an eligible³ plan $\pi : L \to U$ and user $u$ such that $\pi^{-1}(u) = L_i$, the plan 
$\bigcup_{i=1}^{p} (L_i \to u_i)$, where all $u_i$'s are distinct, is eligible. Consider, as an example, a steps-per-user counting 
constraint $(t_\ell, t_r, L)$. Let $L_1, \dots, L_p$ be a partition of $L$ such that for every $i \in [p]$ there exists an eligible 
plan $\pi : L \to U$ and user $u$ such that $\pi^{-1}(u) = L_i$. Observe that for each $i \in [p]$, we have $t_\ell \le |L_i| \le t_r$ 
and so the plan $\bigcup_{i=1}^{p} (L_i \to u_i)$, where all $u_i$'s are distinct, is eligible. Thus, any steps-per-user counting 
constraint $(t_\ell, t_r, L)$ is regular. 

A constraint $(L, \Theta)$ is user-independent if whenever $\theta \in \Theta$ and $\psi : U \to U$ is a permutation then 
$\psi \circ \theta \in \Theta$. In other words, user-independent constraints do not distinguish between users. Observe that 
all regular constraints are user-independent; however some user-independent constraints are not regular 

m- 

FPT Algorithms for the WSP. Crampton et al. [10] found a faster FPT algorithm, of running time 
$O^*(2^k)$, to solve the special cases of WSP studied by Wang and Li [21] and showed that the algorithm can 
be used for all regular constraints (all constraints studied in [21] are regular). Cohen et al. [5] showed that 
the WSP with only user-independent constraints is FPT and can be solved by an algorithm of running 
time $O^*(2^{k \log k})$. A simpler $O^*(2^{k \log k})$-time algorithm was designed by Karapetyan et al. [IS] for WSP 
with user-independent constraints. Also an $O^*(2^{k \log k})$-time algorithm was obtained by Crampton et 
al. [5] for a natural optimization version of WSP, the Valued WSP, with (valued) user-independent 
constraints. The algorithms of these three papers were implemented in [zidsiin], respectively, and, in 
computational experiments, the implementations demonstrated a clear superiority of the FPT algorithms 
over well-known off-the-shelf solvers, the pseudo-boolean SAT solver SAT4J and the MIP solver CPLEX, 
for hard WSP and Valued WSP instances (in particular, the off-the-shelf solvers could not find solutions 
to many instances for which the FPT algorithm found a solution within a few minutes). 

² For recent excellent introductions to fixed-parameter algorithms and complexity, see, e.g., [HUH]. 

³ We consider only constraints whose scope is a subset of $L$. 
Crampton et al. [10] and Cohen et al. [5], respectively, showed that under the Exponential Time 
Hypothesis (ETH) [TB], there are no algorithms of running time and O* ^ respectively, 

for the WSP with regular and user-independent constraints, respectively. However, these results leave 
open the possibility of the existence of algorithms of running time $O^*(2^{ck})$ and respectively, with 
$c < 1$. Such algorithms would not only be of purely theoretical interest, at least in the case of 
user-independent constraints. The aim of this note is to show that, unfortunately, such algorithms do not 
exist unless the Strong Exponential-Time Hypothesis (SETH) fails. Recall that SETH [T^ states that 

$$\lim_{t \to \infty} \inf\{c > 0 : t\text{-SAT has an algorithm in time } O(2^{cn})\} = 1.$$

SETH is a stronger hypothesis than ETH, and has been used repeatedly to argue that various 
algorithms are “probably optimal” [iiiiiniii]. In this sense, we show that the above-mentioned algorithms 
for regular, respectively user-independent, WSP are probably optimal, i.e., that they cannot be improved 
by current state-of-the-art techniques and that improving them is as hard as improving the running time 
of SAT algorithms. 

2 Lower Bounds 

It is easy to prove that the WSP with regular constraints cannot be solved in time $O^*(2^{ck})$ for any $c < 1$ 
unless SETH fails via a simple reduction from Set Splitting. In Set Splitting, we are given a set 
$S$ and a family $\{S_1, \dots, S_p\}$ of its subsets, and our aim is to decide whether there is a function 
$f : S \to \{1, 2\}$ such that both $f^{-1}(1) \cap S_i$ and $f^{-1}(2) \cap S_i$ are nonempty for every $i \in [p]$. Cygan et al. 
[ni proved that Set Splitting cannot be solved in time $O^*(2^{c|S|})$ for any $c < 1$, unless SETH fails. To 
reduce Set Splitting to the WSP with regular constraints, let $S$ be the set of WSP steps, $U = \{1, 2\}$, 
$A(s) = U$ for each $s \in S$, and $C = \{(1, |S_i| - 1, S_i) : i \in [p]\}$. It remains to recall that $(1, |S_i| - 1, S_i)$ is 
a steps-per-user counting constraint, which is regular. 
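The Set Splitting reduction above can be run end to end. The following Python sketch is an added example, not code from the paper: it builds the WSP instance with $U = \{1, 2\}$, $A(s) = U$ and constraints $(1, |S_i| - 1, S_i)$, and cross-checks it against a direct Set Splitting search. The function names and the two sample instances are constructed for illustration.

```python
from itertools import product

def counting_ok(plan, t_l, t_r, T):
    """Steps-per-user counting constraint (t_l, t_r, T): every user performs
    either no steps of T or between t_l and t_r of them."""
    load = {}
    for s in T:
        load[plan[s]] = load.get(plan[s], 0) + 1
    return all(t_l <= n <= t_r for n in load.values())

def solve_wsp(steps, users, auth, constraints):
    """Brute-force search for an authorized and eligible plan (None if none).
    Exponential in k = |steps|; it only illustrates the definition."""
    steps = sorted(steps)
    for choice in product(*(sorted(auth[s]) for s in steps)):
        plan = dict(zip(steps, choice))        # authorized by construction
        if all(counting_ok(plan, *c) for c in constraints):
            return plan
    return None

def set_splitting_to_wsp(S, family):
    """The reduction in the text: U = {1, 2}, A(s) = U for every step, and
    one constraint (1, |S_i| - 1, S_i) per subset S_i."""
    users = {1, 2}
    auth = {s: set(users) for s in S}
    constraints = [(1, len(Si) - 1, frozenset(Si)) for Si in family]
    return set(S), users, auth, constraints

def splits(S, family):
    """Direct brute-force Set Splitting, used to cross-check the reduction."""
    S = sorted(S)
    for bits in product((1, 2), repeat=len(S)):
        f = dict(zip(S, bits))
        if all({f[x] for x in Si} == {1, 2} for Si in family):
            return True
    return False

# Constructed sample instances (not from the paper).
YES = ({"a", "b", "c", "d"}, [{"a", "b"}, {"b", "c"}, {"a", "c", "d"}])
NO = ({"a", "b", "c"}, [{"a", "b"}, {"b", "c"}, {"a", "c"}])  # odd cycle

if __name__ == "__main__":
    for S, fam in (YES, NO):
        print(solve_wsp(*set_splitting_to_wsp(S, fam)), splits(S, fam))
```

A plan that gives all of $S_i$ to one user loads that user with $|S_i|$ steps, which exceeds the upper bound $|S_i| - 1$, so eligible plans are exactly the splitting functions.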

In the rest of this section, we prove that the WSP with user-independent constraints cannot be solved 
in time $O^*(k^{ck})$ for any $c < 1$ unless SETH fails. We will show it by an appropriate reduction from $r$-SAT 
to the WSP with user-independent constraints via $(d, r)$-CSP, the Constraint Satisfaction Problem with 
domain size $d$ and every constraint of arity at most $r$. In $(d, r)$-CSP, we will consider only clause-like 
constraints, which are constraints with only one forbidden assignment for the scope variables.⁴ 

Let us fix a constant arity r, and let be an r-SAT formula with n variables. Let us fix a function 
$f(n) \in O(n^{o(1)}) \cap \omega(\log n)$ such that $n/f(n)$ is a power of 2, e.g., $\frac{1}{2} \log n \log\log n < f(n) \le \log n \log\log n$. 
Let $d = n/f(n)$. We will first convert $\mathcal{F}$ to an instance of $(d, r)$-CSP with $\lceil n/\log d \rceil$ variables, then 
reduce this instance to a WSP instance with appropriate size parameters. The following is our first step 
(which is simply done by grouping variables). 

Lemma 1. There is a reduction from $r$-SAT with $n$ variables to $(d, r)$-CSP with only clause-like 
constraints and with $k = \lceil n/\log d \rceil$ variables, where $d = n/f(n)$. The reduction runs in polynomial time. 

Proof. Let the variables of $\mathcal{F}$ be $X = \{x_1, \dots, x_n\}$ and $\ell = \log d = O(\log n)$. For simplicity, add extra 
variables to $\mathcal{F}$ so that $n$ is a multiple of $\ell$. Note that this requires adding at most $\ell = o(n)$ new variables. 
We group $X$ into $k = n/\ell$ variable groups $V = \{V_1, \dots, V_k\}$ of $\ell$ variables per group. We also define a 
new domain $D = \{0, 1\}^\ell$. For a variable group $V_i$ and a tuple $b = (b_1, \dots, b_\ell) \in D$, the statement $V_i = b$ 
is interpreted as the assignment where the $j$'th member of $V_i$ gets value $b_j$. Hence assignments $V \to D$ 
are in 1-1 relationship with assignments $X \to \{0, 1\}$. 

Next, for every clause $C$ in $\mathcal{F}$, we proceed as follows. Let $V(C)$ be the scope of $C$, and observe that $C$ 
is falsified by exactly one assignment to $V(C)$. Similarly, the problem $(d, r)$-CSP allows us to arbitrarily 
specify forbidden assignments to sets of up to $r$ variables. Clearly, the variables of $V(C)$ occur in at most 
$r$ variable groups in $V$. We can simply enumerate all assignments to these variable groups, these being 
at most $|D|^r = d^r < n^r$ (recall that $r$ is a constant), and for every such assignment that is an extension 
of the assignment forbidden by $C$, we add a constraint to $(d, r)$-CSP forbidding this assignment. Since 
this is a polynomial number of constraints for every clause of $\mathcal{F}$, this can be done in polynomial time in 
total. (Some of the resulting constraints may have arity less than $r$, e.g., some constraints may even be 
unary. This is allowed in our problem model.) □ 
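The grouping in the proof of Lemma 1 can be checked on small formulas. The Python sketch below is an added example, not code from the paper: it maps each clause to the clause-like constraints over groups of $\ell$ variables and compares satisfiability before and after by brute force. The clause encoding, the function names and the sample formulas are constructed for illustration, and no clause is assumed to contain both a variable and its negation.

```python
from itertools import product

def group_sat_to_csp(n, clauses, ell):
    """Lemma 1's grouping. Variables are 0..n-1; a clause is a list of
    (variable, required_value) literals. Returns (k, constraints), where a
    constraint is a clause-like pair (groups, forbidden_group_values) and a
    group value is an ell-bit tuple from D = {0,1}^ell."""
    k = -(-n // ell)                   # pad n up to a multiple of ell
    D = list(product((0, 1), repeat=ell))
    constraints = set()
    for clause in clauses:
        # The single assignment to the clause's scope that falsifies it.
        bad = {v: 1 - want for v, want in clause}
        groups = sorted({v // ell for v in bad})
        # Enumerate all assignments to the touched groups (at most |D|^r)
        # and forbid exactly those extending the falsifying assignment.
        for vals in product(D, repeat=len(groups)):
            val = dict(zip(groups, vals))
            if all(val[v // ell][v % ell] == b for v, b in bad.items()):
                constraints.add((tuple(groups), vals))
    return k, sorted(constraints)

def csp_satisfiable(k, ell, constraints):
    """Brute force over assignments V -> D; a clause-like constraint is
    violated only by its one forbidden assignment."""
    D = list(product((0, 1), repeat=ell))
    return any(all(tuple(a[g] for g in gs) != bad for gs, bad in constraints)
               for a in product(D, repeat=k))

def sat_satisfiable(n, clauses):
    """Brute-force SAT check on the original formula."""
    return any(all(any(x[v] == want for v, want in c) for c in clauses)
               for x in product((0, 1), repeat=n))

# Constructed sample formulas on 4 variables (not from the paper).
SAT_F = (4, [[(0, 1), (2, 0)], [(0, 0), (1, 1)], [(2, 1), (3, 1)]])
UNSAT_F = (4, [[(0, 1), (3, 1)], [(0, 1), (3, 0)],
               [(0, 0), (3, 1)], [(0, 0), (3, 0)]])

if __name__ == "__main__":
    for n, cls in (SAT_F, UNSAT_F):
        k, cons = group_sat_to_csp(n, cls, ell=2)
        print(k, len(cons), csp_satisfiable(k, 2, cons), sat_satisfiable(n, cls))
```

Clauses whose variables fall inside a single group produce unary constraints, as the proof notes.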

⁴ Note that clauses of CNF SAT are clause-like constraints, which "justifies" the term clause-like. Clearly, an arbitrary 
CSP constraint can be decomposed into clause-like constraints. 
Next, we show how we reduce from $(d, r)$-CSP to WSP with user-independent constraints. 

Lemma 2. Let $d = n/f(n)$. There is a polynomial-time reduction from $(d, r)$-CSP with only clause-like 
constraints and with $k = \lceil n/\log d \rceil$ variables to the user-independent WSP with $d$ users and $k + d$ steps. 

Proof. Consider a $(d, r)$-CSP instance with only clause-like constraints; we will use notation as above, 
i.e., variable set $V = \{V_1, \dots, V_k\}$ and domain $D$. However, number and rename elements of $D$ such that 
$D = \{1, \dots, d\}$. We create a WSP instance with two sets of steps, and users $U = D$. The fixed steps 
are $S_d = \{s_1, \dots, s_d\}$, where for $i \in [d]$ the authorization list of $s_i$ is $A(s_i) = \{i\}$. The free steps are 
$S_x = \{s'_1, \dots, s'_k\}$, each of which has a full authorization list $A(s) = U$. 

Recall that every constraint in the $(d, r)$-CSP instance has a single forbidden assignment. Next, for 
every constraint in the $(d, r)$-CSP instance, over a scope $C = \{V_{q(1)}, \dots, V_{q(p)}\}$ ($p \le r$) with a single 
forbidden assignment $\phi : C \to D$, we add the following constraint to the WSP instance: 

p 

where $s'_i = s_j$ means that $s'_i$ and $s_j$ must be assigned to the same user. Note that the above WSP 
constraints are user-independent as they do not distinguish between users. It is clear that the reduction 
can be performed in polynomial time in the size of the input. 

For correctness, we make two observations. First, by construction, for every user $i \in U$ and every 
authorized plan $\phi : S_d \cup S_x \to U$, there is exactly one step $s \in S_d$ such that $\phi(s) = i$. Hence, for every 
step $s' \in S_x$, we have $\phi(s') = i$ if and only if $\phi(s') = \phi(s_i)$. Second, let $\phi$ be an authorized plan as above, 
and define $\phi' : V \to D$ by $\phi'(V_i) = \phi(s'_i)$. Then (by the previous observation) for every constraint $C$ of 
the $(d, r)$-CSP instance, $\phi'$ satisfies $C$ if and only if $\phi$ is eligible for the corresponding constraint of the 
WSP instance. This shows the equivalence of the instances. □ 

Note that our WSP instance has constraints of bounded arity (at most $2r$). This may not be critical, 
but it alleviates some potential concerns (e.g., the specific encoding of the WSP constraints is not 
important). We can now wrap up the proof. 

Theorem 1. The WSP with user-independent constraints cannot be solved in time for any 
$c < 1$ unless SETH fails. 

Proof. In this proof, for functions $g'(n)$ and $g''(n)$, we write $g'(n) \sim g''(n)$ if $g'(n) = g''(n)(1 + o(1))$. 
Observe that $g'(n) \sim g''(n)$ and $g''(n) \sim g'''(n)$ imply $g'(n) \sim g'''(n)$. 

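Chaining the two reductions above, we have a polynomial-time reduction from an $r$-SAT instance 
$\mathcal{F}$ on $n$ variables to the WSP instance on $k + d$ variables, where $d = n/f(n)$ and $k = \lceil n/\log d \rceil$. In 
particular, we can write 

$$k = \left\lceil \frac{n}{\log n - \log f(n)} \right\rceil \sim \frac{n}{\log n}\left(1 + \frac{\log f(n)}{\log n - \log f(n)}\right) \sim \frac{n}{\log n}.$$

Similarly, we have $d = \lceil n/f(n) \rceil = o(n/\log n)$, hence 

$$k' = k + d \sim \frac{n}{\log n}\left(1 + \frac{\log f(n)}{\log n - \log f(n)} + o(1)\right) \sim \frac{n}{\log n}.$$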

Now note that 

$$k' \log k' = \frac{n}{\log n}(1 + o(1))(\log n - \log\log n + o(1)) \sim n.$$

Hence for any $c < 1$, solving the WSP instance in the stated time would imply solving every $r$-SAT 
instance for every $r$ in time $O(2^{c'n})$ for some $c' < 1$ independent of $r$. This would contradict SETH. □ 